Stealthy BLISTER malware slips in unnoticed on Windows systems
One of the payloads, which the researchers called Blister, acts as a loader for other malware and appears to be a novel threat that enjoys a low detection rate.
The threat actor behind Blister has been relying on multiple techniques to keep their attacks under the radar, the use of code-signing certificates being only one of their tricks.
Whoever is behind the Blister malware has been running campaigns for at least three months, since at least September 15, security researchers from search company Elastic found.
One method was to embed Blister malware into a legitimate library.
While the objective of these attacks and the initial infection vector remain unclear, by combining valid code-signing certs, malware embedded in legitimate libraries, and execution of payloads in memory, the threat actors increased their chances of a successful attack.
Elastic has created a Yara rule to identify Blister activity and provides indicators of compromise to help organizations defend against the threat.